Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Pages:
Author

Topic: Access to Ledger Nano S (2018 version) without PIN and seed words? (Read 280 times)

dkbit98
legendary
Activity: 2212
Merit: 7064
Access to Ledger Nano S (2018 version) without PIN and seed words?
November 14, 2022, 02:59:22 PM
#24
Quote from: mart on November 13, 2022, 06:59:18 AM
Their answer was:
Currently, there is no attack for the Ledger but we’re working on it.
That is going to be interesting to see, he is certainly working on something new.
It's possible to hack almost anything if you have the right tools and skills, especially if you have the right insider information available.
My theory is that he could find a way to hack old ledger model S device, than ledger can say how they already retired this device and issue was already fixed in model X and S plus  Wink
There is higher chance for older chips to get hacked, but he needs to think outside the box to perform this attack with success.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 14, 2022, 04:42:01 AM
#23
Quote from: NeuroticFish on November 14, 2022, 04:15:51 AM
According to the HW lists with Secure chip, list updated in September 2022, Trezor still didn't seem to add secure chip to their devices.
They don't have a secure element chip, but they are still using a model of the STM32 microcontroller. And the same thing is true for Ledger assuming all the data in that table is correct. The STM32 models they use are different though.

Quote from: NeuroticFish on November 14, 2022, 04:15:51 AM
And after the thing I've found in their blog (see my other post) I would not be surprised if they will not add secure element at all.
I wonder what they found, and if that information was shared with the chip manufacturers? Even though they are probably aware of their flaws, hence the non-disclosure agreements. Whatever it is, physical access to the device and the chip is surely mandatory. Maybe that or a similar research is the reason why Joe considers these chips as being flawed as well. 
NeuroticFish
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 14, 2022, 04:15:51 AM
#22
Quote from: Pmalek on November 14, 2022, 03:54:13 AM
And if I am not mistaken, both the Trezor and Ledger use this type of chip.

According to the HW lists with Secure chip, list updated in September 2022, Trezor still didn't seem to add secure chip to their devices.
And after the thing I've found in their blog (see my other post) I would not be surprised if they will not add secure element at all.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 14, 2022, 03:54:13 AM
#21
Quote from: mart on November 13, 2022, 06:59:18 AM
Yes. I contacted them and got some hope Smiley

Their answer was:
Currently, there is no attack for the Ledger but we’re working on it.
I think that Joe mentioned in one of his videos that the STM32 microcontroller chips are flawed in design and vulnerable to attacks. It's just a matter of finding the correct way to attack them and having enough resources to finance the attack and the tools needed. And if I am not mistaken, both the Trezor and Ledger use this type of chip. Who knows, maybe they are working on something as we speak...
mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 13, 2022, 06:59:18 AM
#20
Quote from: NeuroticFish on November 13, 2022, 03:42:06 AM
Quote from: mart on November 12, 2022, 11:01:25 AM
Reply from SatoshiLabs:
Hacking other companies' HW wallets is not our company's focus. We are also not able to provide you with any contacts for any subjects that deal with this because we simply don't have them.

Completely understandable.

Well, I've tried. Sorry that the idea was not as good as I hoped...

Maybe you could concentrate on finding flaws in that secure chip instead of telling that you're targeting exactly a Ledger device; if you tell about Ledger some may not help you because it can cause them bad publicity (bad actors vs the competition).
But yeah, make your own decisions, my ideas are not always great. Sad
Yes, concentrating on the chip is a good idea.
Actually the idea of Trezor as fan of open source hacking a closed source chip looked quite engaging Smiley


Quote from: Pmalek on November 13, 2022, 04:03:07 AM
If it weren't for the secure element present in the Ledger, I would tell you to get in touch with hardware hacker Joe Grand. He has some experience in that field, but it was with a Trezor with outdated firmware.

His website that deals with hacking hardware and software wallets is https://www.offspec.io/.
The way I see it is that you have nothing to lose that isn't already lost (meaning the crypto on the device whose PIN you don't know and you don't have the seed either).

Yes. I contacted them and got some hope Smiley

Their answer was:
Currently, there is no attack for the Ledger but we’re working on it.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 13, 2022, 04:03:07 AM
#19
If it weren't for the secure element present in the Ledger, I would tell you to get in touch with hardware hacker Joe Grand. He has some experience in that field, but it was with a Trezor with outdated firmware.

His website that deals with hacking hardware and software wallets is https://www.offspec.io/.
The way I see it is that you have nothing to lose that isn't already lost (meaning the crypto on the device whose PIN you don't know and you don't have the seed either).
NeuroticFish
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 13, 2022, 03:42:06 AM
#18
Quote from: mart on November 12, 2022, 11:01:25 AM
Reply from SatoshiLabs:
Hacking other companies' HW wallets is not our company's focus. We are also not able to provide you with any contacts for any subjects that deal with this because we simply don't have them.

Completely understandable.

Well, I've tried. Sorry that the idea was not as good as I hoped...

Maybe you could concentrate on finding flaws in that secure chip instead of telling that you're targeting exactly a Ledger device; if you tell about Ledger some may not help you because it can cause them bad publicity (bad actors vs the competition).
But yeah, make your own decisions, my ideas are not always great. Sad
mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 12, 2022, 11:01:25 AM
#17
Quote from: mart on November 07, 2022, 05:59:52 AM
Quote from: NeuroticFish on November 07, 2022, 04:42:10 AM
Quote from: https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3
In one of the many options we reviewed, we saw a potential candidate for a Secure Element to be used in our product and we went deeper into our research. As this was a Common Criteria certified chip, we did not expect what we found. Over a few weeks, we uncovered several different critical flaws requiring no special hardware leading to the extraction of the secrets from the chip. We quickly realized these were the attacks nobody tested against.

I don't know whether it's the same chip as Nano S is using, but maybe you get to use some of Trezor's knowledge on the matter.
Unlike Ledger, who are bound to not divulge anything about the secure chip they use, Trezor may be able to help.
I don't know, maybe I'm wrong, still, it can be an idea...

Wow, that's an interesting finding!
I will contact them and see if they can help  Wink

Reply from SatoshiLabs:
Hacking other companies' HW wallets is not our company's focus. We are also not able to provide you with any contacts for any subjects that deal with this because we simply don't have them.

Completely understandable.
mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 07, 2022, 05:59:52 AM
#16
Quote from: NeuroticFish on November 07, 2022, 04:42:10 AM
Quote from: https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3
In one of the many options we reviewed, we saw a potential candidate for a Secure Element to be used in our product and we went deeper into our research. As this was a Common Criteria certified chip, we did not expect what we found. Over a few weeks, we uncovered several different critical flaws requiring no special hardware leading to the extraction of the secrets from the chip. We quickly realized these were the attacks nobody tested against.

I don't know whether it's the same chip as Nano S is using, but maybe you get to use some of Trezor's knowledge on the matter.
Unlike Ledger, who are bound to not divulge anything about the secure chip they use, Trezor may be able to help.
I don't know, maybe I'm wrong, still, it can be an idea...

Wow, that's an interesting finding!
I will contact them and see if they can help  Wink
NeuroticFish
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 07, 2022, 04:42:10 AM
#15
Quote from: mart on November 06, 2022, 04:14:24 AM
the Trezor from that time where much easier to hack

While looking up for something unrelated, I've read about Trezor's official reasons behind not using Secure Elements.

Quote from: https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3
In one of the many options we reviewed, we saw a potential candidate for a Secure Element to be used in our product and we went deeper into our research. As this was a Common Criteria certified chip, we did not expect what we found. Over a few weeks, we uncovered several different critical flaws requiring no special hardware leading to the extraction of the secrets from the chip. We quickly realized these were the attacks nobody tested against.

I don't know whether it's the same chip as Nano S is using, but maybe you get to use some of Trezor's knowledge on the matter.
Unlike Ledger, who are bound to not divulge anything about the secure chip they use, Trezor may be able to help.
I don't know, maybe I'm wrong, still, it can be an idea...
mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 06, 2022, 04:14:24 AM
#14
Quote from: n0nce on November 04, 2022, 08:47:09 AM
Unfortunately, I'm not aware of firmware bugs that are easily exploitable on old Ledgers, like on Trezor Model One.
Yes, the Trezor from that time where much easier to hack: one could simply brute force the PIN (https://blog.ledger.com/Breaking-Trezor-One-with-SCA) and there is no secure element in use -- so it would be possible to extract the keys straight from the chip (https://medium.com/the-capital/trezor-hardware-wallet-hacked-in-15-min-and-75-e3c23ced166).

Quote from: n0nce on November 04, 2022, 08:47:09 AM
Have you tried contacting reputable people with knowledge / experience in this field yet? That's probably a workable sum of money.
Do you have some people in mind that you think I should try to contact?


Quote from: AB de Royse777 on November 04, 2022, 02:29:24 PM
Does it have something to do with the exchange which owner suddenly died but later it was rumored that he did not? A lawsuit was filed against him for scamming and then disappearing. I can not remember the story correctly but there was Canadian (maybe) exchange few years ago that was gone by telling this story.
No, that's another story. The owner actually really died in Spain by suicide and the documents are in German court.


m2017
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 05, 2022, 07:03:11 AM
#13
Quote from: AB de Royse777 on November 04, 2022, 02:29:24 PM
Quote from: mart on November 04, 2022, 05:26:12 AM
Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
Quote from: mart on November 03, 2022, 01:26:17 PM
The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.
I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).
The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.
Does it have something to do with the exchange which owner suddenly died but later it was rumored that he did not? A lawsuit was filed against him for scamming and then disappearing. I can not remember the story correctly but there was Canadian (maybe) exchange few years ago that was gone by telling this story.
I understand what you're talking about and it would be funny that it turns out that way. Although hardly anyone would admit to being involved in that story. I also believe that many users of the exchange would have a lot of questions for those partners of the owner of this hardware wallet device, if they are on the bitcointalk forum. So, I think we will not wait for the coming out and perhaps OP has nothing to do with that story. Who knows.
AB de Royse777
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 04, 2022, 02:29:24 PM
#12
Quote from: mart on November 04, 2022, 05:26:12 AM
Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
Quote from: mart on November 03, 2022, 01:26:17 PM
The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.
I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).
The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.
Does it have something to do with the exchange which owner suddenly died but later it was rumored that he did not? A lawsuit was filed against him for scamming and then disappearing. I can not remember the story correctly but there was Canadian (maybe) exchange few years ago that was gone by telling this story.
n0nce
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 04, 2022, 08:47:09 AM
#11
Quote from: mart on November 04, 2022, 05:26:12 AM
Quote from: n0nce on November 03, 2022, 09:01:06 PM
No no, the idea is to flash custom firmware on the Ledger's main MCU, leaving the secure element (and the seed stored therein) alone. You can do that before or after usage, should not matter.
This custom firmware can then just ask the secure element to sign a transaction sending all funds to a certain address and it should indeed return the signed transaction.

You do need to bypass firmware verification (performed by secure element), though, as described here.
https://youtu.be/Y1OBIGslgGM?t=1551
It is true, that I could put a custom software to Ledger's main MCU and leaving the secure element with the keys as it is.
However, the secure element takes PIN code as an argument when doing actions (like signing transaction for example) with the keys.

So with custom firmware I could do all kind of interesting tricks with the Ledger, but without the PIN code I still have no access to the secure element and it's functions nor keys.
And when supplying 3 incorrect PIN-s to the secure element then it will just erase the keys.
True, true. There may be an implementation bug; especially due to the closed-source STM32 code, it may not have been spotted yet.
Basically, you're looking for a hardware / software n-day, in case your 2018 Ledger was never updated. The hardware should be unmodified from 2018 to 2022, so when looking for hardware bugs, that will actually be 0-days. Unfortunately, I'm not aware of firmware bugs that are easily exploitable on old Ledgers, like on Trezor Model One.

Quote from: mart on November 04, 2022, 05:26:12 AM
Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
Quote from: mart on November 03, 2022, 01:26:17 PM
The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.
I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).
The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.

Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
You can't hack hardware wallets so easy, or governments wouldn't pay millions to do it somehow.
I could pay 6-7 figures for this work.
Have you tried contacting reputable people with knowledge / experience in this field yet? That's probably a workable sum of money.
mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 04, 2022, 05:26:12 AM
#10
Quote from: n0nce on November 03, 2022, 09:01:06 PM
No no, the idea is to flash custom firmware on the Ledger's main MCU, leaving the secure element (and the seed stored therein) alone. You can do that before or after usage, should not matter.
This custom firmware can then just ask the secure element to sign a transaction sending all funds to a certain address and it should indeed return the signed transaction.

You do need to bypass firmware verification (performed by secure element), though, as described here.
https://youtu.be/Y1OBIGslgGM?t=1551

It is true, that I could put a custom software to Ledger's main MCU and leaving the secure element with the keys as it is.
However, the secure element takes PIN code as an argument when doing actions (like signing transaction for example) with the keys.

So with custom firmware I could do all kind of interesting tricks with the Ledger, but without the PIN code I still have no access to the secure element and it's functions nor keys.
And when supplying 3 incorrect PIN-s to the secure element then it will just erase the keys.


Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
Quote from: mart on November 03, 2022, 12:36:27 PM
Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?
I also don't have the seed words.
How do you suppose to do that?
No idea so far. That's what I'm trying to find out here Smiley

Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
Quote from: mart on November 03, 2022, 01:26:17 PM
The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.
I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).
The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.

Quote from: dkbit98 on November 03, 2022, 02:52:53 PM
You can't hack hardware wallets so easy, or governments wouldn't pay millions to do it somehow.
I could pay 6-7 figures for this work.

[moderator's note: consecutive posts merged]
n0nce
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 03, 2022, 09:01:06 PM
#9
Quote from: mart on November 03, 2022, 02:00:45 PM
Quote from: NeuroticFish on November 03, 2022, 01:54:46 PM
I've found at some point these writings: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
I don't know if you're familiar with them, unfortunately I didn't get to read much either, but a quick look seems to tell that getting the info is possible, especially if you're lucky to have an old firmware on it (1.3.1).

Thanks for that, but I have already went through the linked article. Even contacted the author Smiley

The attack described by Saleem Rashid in the article can be used to put a custom software to the Ledger Nano S before the usage by the user.
In my case that unfortunately doesn't help  Undecided
No no, the idea is to flash custom firmware on the Ledger's main MCU, leaving the secure element (and the seed stored therein) alone. You can do that before or after usage, should not matter.
This custom firmware can then just ask the secure element to sign a transaction sending all funds to a certain address and it should indeed return the signed transaction.

You do need to bypass firmware verification (performed by secure element), though, as described here.
https://youtu.be/Y1OBIGslgGM?t=1551
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 03, 2022, 02:52:53 PM
#8
Quote from: mart on November 03, 2022, 12:36:27 PM
Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?
I also don't have the seed words.
How do you suppose to do that?
Seed words backup is mandatory to have, and it's even better if you have multiple copies in different locations.
If you don't have both PIN and seed words I can only consider you stole found this device from someone else, or you found it somewhere.

Quote from: mart on November 03, 2022, 12:36:27 PM
So the only way seems to be physically extracting the information from the chip.
Does anyone know a lab or someone who is able to extract the needed information from the chip?
You could in theory only extract encrypted stuff that means nothing to you and it can't be used for anything, unless Ledger and chip manufacturer have some backdoor access.
I wouldn't be surprised if they do have something like this, when everything is closed source and hush hush in their business.

Quote from: mart on November 03, 2022, 01:26:17 PM
The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.
I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).
You can't hack hardware wallets so easy, or governments wouldn't pay millions to do it somehow.

mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 03, 2022, 02:00:45 PM
#7
Quote from: NeuroticFish on November 03, 2022, 01:54:46 PM
I've found at some point these writings: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
I don't know if you're familiar with them, unfortunately I didn't get to read much either, but a quick look seems to tell that getting the info is possible, especially if you're lucky to have an old firmware on it (1.3.1).

Thanks for that, but I have already went through the linked article. Even contacted the author Smiley

The attack described by Saleem Rashid in the article can be used to put a custom software to the Ledger Nano S before the usage by the user.
In my case that unfortunately doesn't help  Undecided
NeuroticFish
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 03, 2022, 01:54:46 PM
#6
Quote from: ?? on ??
The Ledger Nano S has a dual-chip architecture. There is one normal chip for buttons, screen, USB, etc. And another one -- the secure element -- for all actions with private keys.
It's actually very good and clever design. And very hard to hack Cheesy

I've found at some point these writings: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
I don't know if you're familiar with them, unfortunately I didn't get to read much either, but a quick look seems to tell that getting the info is possible, especially if you're lucky to have an old firmware on it (1.3.1).
mart
copper member
Activity: 58
Merit: 0
Re: Access to Ledger Nano S (2018 version) without PIN and seed words?
November 03, 2022, 01:26:17 PM
#5
Quote from: NeuroticFish on November 03, 2022, 12:51:20 PM
Quote from: mart on November 03, 2022, 12:36:27 PM
Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?

Since you don't have neither the PIN, nor the private key,... is this your Ledger? I guess not. And then, why would we help you steal somebody else's money? "paid in abundance" sound cool, but "accessory to crime" doesn't.

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.


Quote from: AB de Royse777 on November 03, 2022, 12:46:02 PM
The way I understand it, you do not need the same pin. Pin are just to keep the device locked. All you need is the seed phrase. If you have it then you can use any ledger device with any pin in it and restore the wallet.

Quote from: mart on November 03, 2022, 12:36:27 PM
The private keys are stored in the Secure Element (SE) of the Nano S: the ST31H320 chip.
The SE is asking for PIN before any action with the keys
What is this SE? Haven't you store your seed in physical form in a paper or any other form?

If I had the seed phase then I wouldn't have made this post  Wink


Quote from: hugeblack on November 03, 2022, 12:53:47 PM
AFAIK, after 3 wrong PINs your device will be turned to new seed PIN cannot be bruteforce and seed will be.
here are service that can bruteforce your wallet seed if you lost 2-3 words, you can ask them for more details.
I don't know if there is a device that can be connected or modified on the hardware that makes it possible to do more than 3 PIN attempt.


Yeah, thanks.

I do offer the service myself where I can restore your seed when you have up to 6 words missing  Wink (And I can also find the missing words even if you mixed the order of the words.)

It is easy to put a custom software to the Ledger Nano S, but that doesn't help either while the chip that is holding the private keys is also asking for the PIN.


Quote from: AB de Royse777 on November 03, 2022, 12:46:02 PM
What is this SE?

Secure Element.

The Ledger Nano S has a dual-chip architecture. There is one normal chip for buttons, screen, USB, etc. And another one -- the secure element -- for all actions with private keys.
It's actually very good and clever design. And very hard to hack Cheesy

[moderator's note: consecutive posts merged]
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Jump to: